Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

Quoting Guido Günther (agx(a)sigxcpu.org): > On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote: >> Mind you I'm not crazy about this. If this could be toggled with a >> default-off config option that would seem better than always giving >> these caps to libvirt-qemu. > > virt-aa-helper could add these if it detects a 9pfs file system. That > would be better than always adding it. Agreed

> Cheers, > -- Guido > >> >> Quoting Stefan Bader (stefan.bader(a)canonical.com): >>> From: Serge Hallyn <serge.hallyn(a)ubuntu.com&gt; >>> >>> Add fowner and fsetid to libvirt-qemu profile. >>> >>> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 >>> >>> Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com&gt; >>> Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com&gt; >>> --- >>> examples/apparmor/libvirt-qemu | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu >>> index 89466c9..f04ce04 100644 >>> --- a/examples/apparmor/libvirt-qemu >>> +++ b/examples/apparmor/libvirt-qemu >>> @@ -13,6 +13,10 @@ >>> capability setgid, >>> capability setuid, >>> >>> + # for 9p >>> + capability fsetid, >>> + capability fowner, >>> + >>> network inet stream, >>> network inet6 stream, >>> >>> -- >>> 2.7.4 >> -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list